Articles on: Getting Started
This article is also available in:

What are cookies?

HTTP cookies

HTTP cookies (also known as cookies from browser, cookies Internet or cookies Web ) are small blocks of data generated by a web server when users browse a website.

A user’s browser places these cookies on their computer (or any other device used to access a site). Multiple cookies can be placed during the same session.

What are HTTP cookies for?

Cookies provide access to various useful and even crucial web functions. For example, they allow web servers to collect large sets of data on the user’s device or to track user navigation activity. This includes logging in, clicking on specific buttons, or saving previously visited pages.

Website creators may also use HTTP cookies to record information for future use. For example, one might think of user input form fields (such as names, passwords, addresses and payment method).

The different types of HTTP cookies

Two types of cookies are much more common than others on the internet. Web servers commonly use authentication and tracking cookies:

Authentication cookies attest that users are logged in and identify the account they are using. Without these cookies, users would be required to authenticate each time they connect to a page containing sensitive data to which they wish to access. Instead, they have to confirm their identity once.

Therefore, the protection of an authentication cookie against security vulnerabilities depends on the security of the site that issues it, as well as the web browsers used by users.

Tracking cookies, and in particular third-party tracking cookies, are used to collect long-term records of people’s browsing history. EU law now requires all websites targeting EU Member States to obtain “informed consent” from users before storing non-essential cookies on their devices. This legislation responds to privacy concerns.

Other types of cookies:

Session cookies: Only exist in temporary memory when users browse a site. They expire or are deleted as soon as the web browser is closed.
Persistent cookies: Regardless of their type, these cookies expire at a predetermined time or after a certain period of time.
Secure cookies: These cookies can only be transmitted via an encrypted connection protocol (HTTPS), excluding unsecured connections (HTTP).
HTTP cookies only: For security reasons, client-side APIs (such as JavaScript) cannot access this cookie. However, it remains vulnerable to certain attacks.
Cookies from the same site: Involve target domains whose value parameters are defined as Strict, Lax or None.
First party cookie: The domain attribute of the cookie is the domain that is displayed in the web browser address bar.
Third-party cookie: The domain attribute of the cookie belongs to a different domain than the one indicated in the address bar (such as banner ads linked to external sites).

In 2020, the European Data Protection Council, composed of all EU data protection regulators, declared the use of cookies without informed consent illegal.

According to the GDPR and the Electronic Privacy Directive, consent to cookies must meet several conditions. Consent must be given freely and unambiguously. A reject button must be available, and consent must be "as easy to remove as to give". In other words, a refusal button must be as visible and easy to access as a Accept All button.

Updated on: 15/05/2023

Was this article helpful?

Share your feedback


Thank you!